Headline
CVE-2022-23603: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in server.py
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability is a XSS and Improper Encoding vulnerability. AFAIK, only servers are impacted.
Patches
Has the problem been patched? What versions should users upgrade to?
No patches have been released yet.
As of commit 24f43aa, the issue has been fixed. No official releases are affected. Commits 7f9dd66, b39ad02, 96cc9f2, 4d0f88b, c29b3c8, 953fd83, 355a474, and 54b02d9 are all still vulnerable.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Users can manually add escaping to the server and client, or upgrade to commit 24f43aa.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]